With the advance of digital computer technology, functions such as connection and cooperation of processes can be implemented via a network even in office devices and general home appliances.
As network techniques that implement fusion of such device control apparatuses via networks, device control protocols such as UPnP (Universal Plug and Play), Jini, Jxta, and the like are known.
UPnP will be explained below as an example. UPnP is a device control protocol that supports protocols such as IP (Internet Protocol), TCP (Transmission Control Protocol), UDP (User Datagram Protocol), HTTP (Hyper Text Transfer Protocol), XML (Extensible Markup Language), and the like, which have become de facto standards in the Internet world.
UPnP uses SSDP to discover devices connected on the network and to recognize their functions. SSDP is a backbone of UPnP, and its standard specification is issued by IETF. In order to discover devices, IP broadcast is used. For example, when a query “which device can play back a digital video stream?” is broadcast, devices which meet the condition voluntarily transmit their IP addresses and host names to the query source. At this time, information unique to each device (e.g., functions that these devices have) is exchanged. The data format used in information exchange is XML, and communications are made by HTTP.
Device control uses SOAP (Simple Object Access Protocol). SOAP is an RPC-based industry-standard Internet communication protocol, which is designed for smooth interchange between XML Web services. A control message is transmitted to a device using SOAP, and a result or error is acquired. A UPnP control request is a SOAP message that contains the action to be invoked together with its designated parameters. The response is likewise a SOAP message that contains the status and returns a value and parameters.
A device control protocol represented by UPnP, which is used to connect devices to each other via a network, roughly includes a discovery phase that searches for devices connected to the network, and a control phase that controls the devices discovered in the discovery phase. In many cases, these phases adopt different communication schemes: broadcast communications are made in the discovery phase, and unicast communications are made in the control phase.
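The two phases described above, shown as the plaintext messages each side puts on the wire. This is an added example, not part of the original text: the message layouts follow the UPnP Device Architecture (where the one-to-many discovery query goes to the SSDP multicast group 239.255.255.250:1900), and the sample reply, addresses and service type are constructed for illustration.

```python
from xml.sax.saxutils import escape

SSDP_GROUP = "239.255.255.250:1900"  # SSDP multicast group (UPnP Device Architecture)
SOAP_ENV = "http://schemas.xmlsoap.org/soap/envelope/"
SOAP_ENC = "http://schemas.xmlsoap.org/soap/encoding/"

def build_msearch(search_target: str, mx: int = 2) -> bytes:
    """Discovery phase: the query a control point sends to the whole segment."""
    lines = ["M-SEARCH * HTTP/1.1", f"HOST: {SSDP_GROUP}", 'MAN: "ssdp:discover"',
             f"MX: {mx}", f"ST: {search_target}", "", ""]
    return "\r\n".join(lines).encode("ascii")

def parse_ssdp_response(datagram: bytes) -> dict:
    """Parse a unicast discovery reply into upper-cased header names -> values."""
    head = datagram.decode("utf-8", errors="replace").split("\r\n\r\n", 1)[0]
    status, *header_lines = head.split("\r\n")
    if not status.startswith("HTTP/1.1 200"):
        raise ValueError(f"not a discovery reply: {status!r}")
    headers = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if sep:  # skip malformed lines that carry no colon
            headers[name.strip().upper()] = value.strip()
    return headers

def build_soap_request(host: str, control_path: str, service_type: str,
                       action: str, args: dict) -> bytes:
    """Control phase: unicast HTTP POST carrying the SOAP action and its parameters."""
    # Parameter values are XML-escaped so they cannot break out of their element.
    params = "".join(f"<{k}>{escape(str(v))}</{k}>" for k, v in args.items())
    body = (f'<?xml version="1.0"?>'
            f'<s:Envelope xmlns:s="{SOAP_ENV}" s:encodingStyle="{SOAP_ENC}"><s:Body>'
            f'<u:{action} xmlns:u="{service_type}">{params}</u:{action}>'
            f'</s:Body></s:Envelope>').encode("utf-8")
    head = (f"POST {control_path} HTTP/1.1\r\nHOST: {host}\r\n"
            f'CONTENT-TYPE: text/xml; charset="utf-8"\r\n'
            f'SOAPACTION: "{service_type}#{action}"\r\n'
            f"CONTENT-LENGTH: {len(body)}\r\n\r\n").encode("ascii")
    return head + body

# Constructed sample reply (address from the RFC 5737 documentation range).
SAMPLE_REPLY = (b"HTTP/1.1 200 OK\r\nCACHE-CONTROL: max-age=1800\r\nEXT:\r\n"
                b"LOCATION: http://192.0.2.10:49152/description.xml\r\n"
                b"ST: urn:schemas-upnp-org:service:AVTransport:1\r\n"
                b"USN: uuid:00000000-0000-0000-0000-000000000001::"
                b"urn:schemas-upnp-org:service:AVTransport:1\r\n\r\n")
```

Neither message carries authentication or encryption of its own, so any protection for either phase has to come from a layer beneath the application.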
As for security policies, two methods are available: a method of dynamically determining a security policy at the beginning of a communication with a control device (each system has one security policy), and a method of dynamically determining a security policy by authenticating a user who uses a control device (each user has one security policy) (see US2001/0042201).
With the popularization of the Internet, e-commerce, online shopping, and the like have prevailed.
However, since such transactions are made without any direct face-to-face exchange, crimes such as “sniffing”, “falsification of data”, “spoofing by a third party”, and the like peculiar to the Internet have occurred frequently.
Hence, how to maintain and assure security in data transmission/reception, e-commerce, and the like poses serious problems.
Various methods of assuring security in network communications such as SSL (Secure Socket Layer; to be abbreviated as “SSL” hereinafter), TLS (Transport Layer Security; to be abbreviated as “TLS” hereinafter), IPSec (Internet Protocol Security; to be abbreviated as “IPSec” hereinafter), and the like are available. IPSec is described in RFC 2402 and RFC 2406.
SSL implements encrypted communications that protect communications among a Web server, browser, and portable terminal. SSL is mainly used in communications between specific applications. Likewise, TLS is used in communications between two applications.
On the other hand, since IPSec assures security on the IP level, it goes into effect in all network communications of applications which run on that system.
However, in the aforementioned prior art systems, SSL is used in an Internet browser or the like and is installed in a specific application, but it is not operative for the other network communications of the system that uses that application.
For example, when the user is browsing external resources using SSL on a Web browser, if he or she wants to transmit/receive e-mail messages using mailing software on that system, no security is assured.